Jump to content

SSL - How Noobie did it on Windows 7 machine without server software

herdofem

By herdofem
in General/Windows

 Share

Recommended Posts

herdofem

herdofem   1

Posted
Posted

Already had a domain with a Let's Encrypt security certificate.

 

Got Duck DNS by going to their website signing in with Twitter and providing a prefix (name) that goes in front of the duckdns.org web address. Installed Duckdns on my desktop where Emby is installed. It runs continuously providing your desktop ip address to prefix.duckdns.org. Test by changing your remote WAN access in Emby server, to prefix.duckdns.org, port 8096 and using your phone app, pointing to http://prefix.duckdns.org, port 8096.

 

Login to your domain Host and using their DNS Zone Editor (or similar) add a Cname entry for WWW.your domain.com (net, biz whatever) pointing at prefix.duckdns.org.

 

Go to ZeroSSL.com to use their FREE SSL Certificate Wizard. Type in yourdomain.com into top right box. On the bottom left check DNS Verification and the 2 tight agreement boxes. Click Next to get your CSR and then next again to get your private key.  Click Next. Two Verification file will be provided, one for .yourdomain.com (root domain) and one for www.yourdomain.com. These need to be uploaded to your domain. Use the same DNS editor at your domain Host as you did to enter a Cname entry. This time look for the text section. Cut and past the two _acme-challenge  "domain TXT Records" as Text file names into the DNS editor and the corresponding values, as shown on the ZeroSSL verification screen. Once uploaded and saved it can take up to an hour for this to be visible for the last step. You can see if the files have populated your dns by using a command prompt and typing nslookup -q=TXT  XXX. where XXX is one of the "domain TXT Record" file names. Do it for both records. Once you see they have both populated, click Next. You should have 2 downloads available. One is your certificate and on is your account key. Download them both to a folder on your desktop.

 

Go to sslshopper.com next and look for ssl converter. Change "Type to Convert to" to PFX/PKCS#12. Leave everything else as is. Upload your certificate and account key. Click Convert Certificate and you should then be able to down load your .pfx file into a folder on your desktop.

 

Go to the Emby Server Dashboard. Expert, Advanced tab. (Emby Server 4.0.2)

Assuming you're working from default setup, Change the Public HTTPs port number to 443. Enter yourdomain.com into "External domain" box. Provide the path for your .pfx file in the "Custom ssl certificate box".

 

One last thing you need to do is get into your routers control panel and port forward the external port 443 to internal port 8920. You can check open ports using CanYouSeeMe.org

 

Now you should be able to enter https://www.yourdomain.com, port 443 into Emby app on your phone to see your server.

 

  • Like 1
Link to comment
Share on other sites
Carlo Emby Team

Carlo   4330

Posted
Posted

Nice write up!

 

This is very similar in setup to using CloudFlare without the additional security CF provides.

With CloudFlare you can get a domain and SSL free of charge, so that would still be my first choice due to the extra protection available.

Link to comment
Share on other sites
Angus Black

Angus Black   4

Posted
Posted
...

With CloudFlare you can get a domain and SSL free of charge, ...

Are you saying CloudFlare has free domains? I can't find that.

I had set up a free domain from Freenom but they cancelled it a day later saying my website (Emby) didn't meet their qualifications.

Link to comment
Share on other sites
  • 1 month later...
mobilelawyer

mobilelawyer   2

Posted
Posted (edited)

Thanks to all. The software-less configuration suggested here worked fine on my Freenom domain. 

 

I was able to download, convert and install the SSL certificates to use with my Emby server. 

 

When the new secure login information is configured on the various Emby apps, everything seems to work fine. Trying to enter "https://<my domain>" and then specify port 443 is sometimes hit-or-miss, though when you type the address in a browser. 

 

And I am going to have to figure out how how to get the certificate renewed periodically, but I suppose I will cross that bridge at the appropriate time. Thanks again. 

Edited by mobilelawyer
Link to comment
Share on other sites
  • 4 weeks later...
mobilelawyer

mobilelawyer   2

Posted
Posted

Bad news. It appears my free domain is going to be pulled  due to the policies of that particular domain. They demand conventional web content, accessible by the pubic. Got a letter from Freenom to the effect that they sought to view my content, and no content was accessible. They warned they would be reviewing again in a few days, and implied that unless such content was available, consequences would ensue. I was invited to get one of their paid domains, which would not be subject to the same policies. If I were going to that trouble, I would probably simply use GoDaddy. I have a name reserved with them, but nothing is parked on it. Has anyone tried them? Would appreciate any feedback on this.  

Link to comment
Share on other sites
BAlGaInTl

BAlGaInTl   279

Posted
Posted

Bad news. It appears my free domain is going to be pulled  due to the policies of that particular domain. They demand conventional web content, accessible by the pubic. Got a letter from Freenom to the effect that they sought to view my content, and no content was accessible. They warned they would be reviewing again in a few days, and implied that unless such content was available, consequences would ensue. I was invited to get one of their paid domains, which would not be subject to the same policies. If I were going to that trouble, I would probably simply use GoDaddy. I have a name reserved with them, but nothing is parked on it. Has anyone tried them? Would appreciate any feedback on this.

Stay away from GoDaddy. They are the kings of upselling.

 

Hover.com is good, but a bit more expensive. But it includes all of the privacy controls without extra fees.

 

Now I use Google Domains (https://domains.google.com). Decent prices, easy management, and also includes privacy guards.

Link to comment
Share on other sites
  • 6 months later...
  • 3 years later...
FancyNerd92

FancyNerd92   9

Posted
Posted

I do that but i'm getting an error 400: Bad Request...

I have my domain ready on Cloudflare ex. https://mydomain.com and it's pointing on a website. I create a CNAME with subdomain and pointing on prefix.duckdns.org and proxy status proxied. So when enter to the https://subdomain.mydomain.com i'm getting this error...

Any ideas?

Link to comment
Share on other sites
Luke Emby Team

Luke   37010

Posted
Posted
On 1/28/2023 at 1:53 PM, FancyNerd92 said:

I do that but i'm getting an error 400: Bad Request...

I have my domain ready on Cloudflare ex. https://mydomain.com and it's pointing on a website. I create a CNAME with subdomain and pointing on prefix.duckdns.org and proxy status proxied. So when enter to the https://subdomain.mydomain.com i'm getting this error...

Any ideas?

Hi, have you compared your setup to this?

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...